uninstall.exe

YourFile Downloader

Via Advertising Group Limited

This is the Via Advertising bundle installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application uninstall.exe by Via Advertising Group Limited has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the YourFile Downloader installer. The file has been seen being downloaded from dn.yourfiledownloader.com and multiple other hosts.

Publisher:
http://yourfiledownloader.com  (signed by Via Advertising Group Limited)

Product:
YourFile Downloader

Version:
1, 0, 0, 182

MD5:
85c0296487e61c7ac4884267e3b898b4

SHA-1:
1b7d97bff4847db1406e5ee035be40ccc3bc5bd6

SHA-256:
37d369dc8f2cbd32f51160e072438bac6b3cc0a40cc333bb04b5031e809a9d02

Scanner detections:
20 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/24/2024 4:21:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Generic.574535 | 1075 |
| avast! | Win32:Downloader-UGW [PUP] | 2014.9-140224 |
| AVG | Skodna.Generic_r | 2015.0.3553 |
| Bitdefender | Adware.Generic.574535 | 1.0.20.275 |
| Bkav FE | W32.Clod321.Trojan | 1.3.0.4924 |
| Dr.Web | Adware.Downware.747 | 9.0.1.055 |
| Emsisoft Anti-Malware | Adware.Generic.574535 | 8.14.02.24.04 |
| ESET NOD32 | Win32/YourFileDownloader (variant) | 8.9464 |
| Fortinet FortiGate | W32/SPNR.08LB12!tr | 2/24/2014 |
| F-Prot | W32/Backdoor2.HMWF | v6.4.7.1.166 |
| F-Secure | Adware.Generic.574535 | 11.2014-24-02_2 |
| G Data | Adware.Generic.574535 | 14.2.24 |
| K7 AntiVirus | Unwanted-Program | 13.176.11256 |
| McAfee | Artemis!85C0296487E6 | 5600.7209 |
| MicroWorld eScan | Adware.Generic.574535 | 15.0.0.165 |
| Reason Heuristics | PUP.ViaAdvertisingGroupLimited.J | 14.8.15.17 |
| Sophos | Generic PUA BL | 4.97 |
| Trend Micro House Call | TROJ_SPNR.08LB12 | 7.2.55 |
| Trend Micro | TROJ_SPNR.08LB12 | 10.465.24 |
| VIPRE Antivirus | Via Advertising | 26806 |

File size:
3.9 MB (4,066,736 bytes)

Product version:
1.0.0

Copyright:
Copyright http://yourfiledownloader.com (C) 2012

Original file name:
YourFile.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
YourFile Downloader

Language:
Language Neutral

Common path:
C:\Program Files\yourfiledownloader\uninstall.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
4/30/2012 12:00:00 PM

Valid to:
5/1/2013 11:59:59 AM

Subject:
CN=Via Advertising Group Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Via Advertising Group Limited, L=Nicosia, S=Nicosia, C=CY

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
54119944225483D152EE7DAA2475480B

File PE Metadata
Compilation timestamp:
11/30/2012 3:40:36 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:nAllZcS44lJH2PGb1GFIJ4jfbY2aXIMxaV9UV7UCLL/:CZcS44lJegzJ4jTY2aXBxXey

Entry address:
0xA2A3

Entry point:
E8, 1D, 66, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 44, 57, 42, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 47, 08, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 20, A4, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF, 24...
 
Entropy:
7.8760  (probably packed)

Code size:
93 KB (95,232 bytes)

The file uninstall.exe has been seen being distributed by the following 4 URLs.

http://dn.yourfiledownloader.com/.../6RRbZWSMXfVuyA5ibdgQqy4ZEipiD01oZVkBKSaZhfn2Goa78JaGOTTEF JnVYG1M1JSZ1jBFOFYUp7yDBMcw==
